SD3 Forms Basis for Security Push

To address security vulnerabilities with its products, Microsoft is pursuing a strategy that Microsoft strategist Craig Mundie summarizes as “SD3″—secure by design, secure by default, and secure by deployment. All of Microsoft’s product teams have begun to adopt this strategy, and while some areas are showing measurable improvement, the strategy as a whole has yet to produce consistent results.

SD3

Microsoft product divisions tend to work autonomously, with little direct management from the company’s senior managers. In an attempt to help product divisions improve the security of their products, the company is pursuing a strategy that consists of three parts.

Secure by design. Security must be a fundamental part of the design of every feature in every product. The goal is to reduce the number of security bugs or vulnerabilities that are present in new software. To accomplish this goal, security must be a factor during all phases of product design, from creating the specification through writing the code and testing the product.